AI, Nation-State Threats and the Collective Challenge of Cybersecurity

By Cliff Yeung

While technological innovation has flourished in recent years, the rapid digitization of services and shift to connected environments have opened more avenues for cyber threat actors. Citizens, enterprises and governments are being infiltrated, disrupted and extorted for critical information. Lawmakers and industry leaders are taking notice, sharing their thoughts and concerns at POLITICO’s recent Policy Outlook event, which I recently attended in Washington, DC. Here are the top three takeaways:

Cybersecurity has become an AI problem

Cyberattacks have increased as widely accessible AI applications have grown. At first glance, ransomware-as-a-service providers appear to have benefited dramatically from leveraging assistants to write malicious code. However, disinformation remains low-hanging fruit for threat actors. Drew Bagley, chief privacy officer at CrowdStrike, emphasized how that the democratization of AI means that time, skills or language comprehension are no longer necessary to craft compelling phishing campaigns to steal credentials and gain access to private networks.

It has become increasingly difficult to sift through what is real and what is not. From identification documents to resumes and cover letters, AI is being used to elevate social engineering, enabling North Korean IT workers to pose as U.S. citizens and infiltrate U.S. enterprises. Additionally, adversaries can quickly sift through breached data and weaponize it thanks to AI solutions that enable them to search for passwords or vulnerabilities.

Nation-state threat actors target critical infrastructure

Whether it is Chinese hackers targeting telco infrastructure or Iranian hackers penetrating energy and transit systems, lawmakers agreed that foreign adversaries are circumventing U.S. cyber efforts and targeting critical infrastructure. Surprisingly, for every 6,000 U.S. cybersecurity operators, it is estimated that China has 60,000, according to Mark Montgomery of the Foundation for Defense of Democracies’ Center on Cyber and Technology Innovation.

Notably, Senator Angus King (I-Maine) highlighted how responding to attacks in cyberspace is no simple feat. King agreed that the response must hurt—a point the U.S. is still trying to figure out. Other panelists, such as Matt Hayden, VP cyber and emerging threats at General Dynamics Information Technology, are calling for a cyberspace deterrent that coincides with cyber resilience options. Under this paradigm, the U.S. needs to make it harder, riskier and costlier for threat actors to target both public and private organizations.

Cybersecurity is a collective effort

Panelists agreed that while it is excellent, we have cybersecurity organizations and partners sharing intelligence and providing recommendations, more needs to be done to help organizations figure out their next steps. Caitlin Clarke, senior director of cybersecurity services at Venable, highlighted that many small and medium-sized businesses lack the resources or knowledge to implement cybersecurity recommendations, exposing them to greater risk of cyberattacks as adversaries move quickly alongside industry innovation. This challenge is also reflected in public space, with cybersecurity responsibility shifting to individual states under the current administration, according to Senator King. King stressed that many states lack the capacity to enhance their cybersecurity posture and require federal support.

Sharing intelligence will be critical to elevating global cybersecurity posture, but organizations need to be strategic in communicating discoveries, changes in the cyber threat landscape, and key recommendations. To ensure all of this is not lost in cyberspace or the fast-paced news cycle, organizations need to do more than simply put out an announcement highlighting their research or recommendations.

For communications professionals, this is where your role will be essential to getting the word out there. Work alongside your subject matter experts and connect them with key journalists who are passionate about the cybersecurity vertical. What we are seeing at Wireside is that cybersecurity organizations that deeply value strategic public relations and foster strong media relationships by providing timely insights pull ahead of the noise and their competitors.